Proofpoint Targeted Attack Protection (TAP) and Threat Response

Additional Info

Company size (employees)1,000 to 4,999
Headquarters RegionNorth America
Type of solutionCloud/SaaS


Targeted Attack Protection (TAP) protects against phishing attacks, ransomware, BEC, and other advanced threats that target people and their data via the tools they use to conduct business. TAP uses static and dynamic techniques to continually adapt and detect new cyber-attack patterns. We analyze potential threats using multiple approaches to examine behavior, code and protocol. This enables us to detect threats early in the attack chain. This sandboxing and analysis take place in virtual environments, bare-metal hardware, and they leverage analyst-assisted execution to maximize detection and intelligence extraction. TAP also detects threats and risks in cloud apps and connects email attacks related to credential theft or other attacks. Our technology doesn’t just detect threats and ransomware—it also applies machine learning to observe the patterns, behaviors, and techniques used in each attack. Armed with that insight, TAP learns and adapts.

Proofpoint Threat Response is a force multiplier for security operations that orchestrates and automates incident response. The platform surrounds security alerts with rich contextual data to help security teams prioritize and execute response actions. It collects and analyzes security event context around incidents and investigations, and it collects endpoint forensics to confirm system infections to create actionable profiles of incidents. Based upon the enhanced context, it enables enforcement and quarantine actions automatically or at the push of a button leveraging existing infrastructure.

Threat Response collects and analyzes endpoint forensics from targeted systems to yield a rich snapshot of indicators of compromise. Based on the forensics collected and analyzed by the system, Threat Response presents a context-rich view of the threat that allows analysts to take push-button response actions, identify areas for additional investigation, or turn on automated response such as retract delivered email from users’ mailboxes, add users to low permission groups, or update blocklists of firewalls and web filters.

How we are different

Unparalleled Protection – TAP leverages numerous techniques to protect against the ever-changing threat landscape. This includes leveraging both our Nexus Threat Graph and NexusAI which provides real-time sharing of threat intelligence from the number 1 deployed solution across the F100, F1000, and G2000 as well as the market leader in email and leading in other vectors such as cloud, network and social.

Unmatched Visibility – TAP provides detailed information on threats and campaigns in real time to gain visibility into both widespread and targeted attacks. It gives details on the threats themselves, threat actors, and impacted users. Security teams can identify who their very attacked people (VAPs) are in order to protect them against threats and ransomware that target them specifically. These VAPs are identified using the Proofpoint Attack Index, a weighted composite score of all threats against an individual within an organization. It scores threats based on four factors: threat actor sophistication, spread and focus of attack targeting, type of attack, and overall attack volume. By better understanding VAPs, security teams can prioritize the most effective ways to resolve threats.

Automated Response: Many security alerts lack critical information required to determine the context of a threat and next steps. Proofpoint Threat Response automatically enriches security alerts by collecting important internal and external context, intelligence, and data to create an actionable view of each alert. Armed with this insight, security teams can quickly understand, prioritize, and respond to security threats. It automatically checks every domain and IP provided in security alerts and sandbox reports against its built-in premium intelligence feeds. This step removes hours of work and manual one-by-one searching against intelligence services to find attacking IPs and hosts leveraging known bad sites.